Menu Close

EC arbitrarily rules for US tech firms.    Again. It won’t stick.

The European Commission decided today [1] that the United States is once again a safe country for your data. 

The decision has sent shockwaves through the data protection community and completely ignores the obvious problem with the privacy and security of data processed within US companies. 

It is no secret that the U.S. legal framework for data protection falls completely short of our GDPR’s rigorous requirements. There is no federal privacy legislation and the US government’s legal right to all data leads to the pervasive surveillance practices employed by U.S. intelligence agencies.   Tech giants Meta and Alphabet demonstrate where the balance of power and interest lie, they are not among the wealthiest entities in human existence on the back of a business model which keeps data private.

For the political appointees of the European Commission to (once again [2]) decide to allow US firms to monetise the EU population completely avoids the reality of the situation, namely, there has been no change to US or EU law.  The US measures are not equivalent to GDPR.   The EU Court of Justice will rule as such in due course however, unless you’ve stock in a US tech firm, it’s a waste of energy for this merry dance between the EU Court of Justice and the Commission to go around once again.

In the meantime the European Commission’s decision places another burden on CISOs and DPOs. There are thousands of active projects moving data to EU residency and GDPR adequate services, these cannot safely stop.  The laws either side of the pond haven’t changed and the EU Court will strike the bureaucrat’s decision down in a repeat of Safe Harbour [2]; hopefully the process will be quicker this time around.

This latest decision seriously undermines the efforts of organisations that have invested significant time and resources in implementing data protection measures aligned with the GDPR. We urge CISOs and DPOs not to change tack and guarantee that our data will not transfer to a country that will not protect our data.

Whilst the European Commission are happy to have given away our trust, the management, officers and legal teams within our suppliers, employers and business partners must remain true to the standards and rights we all expect and enjoy.